<?php session_start();
include "logincheck.php";
nologin();
?>
<html>
<head>
    <meta charset="utf-8">
    <title>用户资料修改</title>
</head>
<body>

<form action="" method="post" enctype="multipart/form-data">
    <p>名称:</p>

    <input type="text" name="name" value="<?php echo $_SESSION['name'];?>">
    <br>
    <p>密码:</p>
    <input type="password" name="password" value="<?php echo $_SESSION['password'] ?>">
    <br>
    <label for="file">头像上传点：</label>
    <br>
    <input type="file" name="file" id="file"><br>
    <br>
    <input type="submit" name="submit" value="提交">
</form>

</body>
</html>
<?php
function upload_img($files)
{
    $env = explode(".",$files["file"]["name"]);
    $path='./uploads/'.$files["file"]["name"];
    $waf = array('jpg','jpeg','png','gif');
    if (in_array(end($env), $waf)) {
    move_uploaded_file($files["file"]["tmp_name"],$path);
    echo "yes";
    }
    return $path;
}
if (!empty($_POST['name']) or !empty($_POST['password']) or !empty($_FILES['file']))
{
    $name = htmlspecialchars($_POST['name']);
    $passowrd = htmlspecialchars($_POST['password']);
    $path = htmlspecialchars(upload_img($_FILES));
    include 'conn.php';
    $sql = "UPDATE users SET name = ? , password = ?, img = ?  WHERE id = ".$_SESSION['id'].";";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("sss", $name, $passowrd, $path);
    if ($stmt->execute() === true) {
        $_SESSION['name'] = $name;
        $_SESSION['password'] = $passowrd;
        $_SESSION['img'] = $path;
        header('Location: index.php');
        $conn->close();
    }else {
        $conn->close();
        echo "<script>alert('更改错误，请联系管理员')</script>";
    }
}





